1. Field of the Invention
The present invention relates to confirmation method of software and apparatus for executing software.
2. Related Background Art
For conventional electronic equipment called “embedded device” with a program embedded in ROM (Read Only Memory) or the like, a hardware alteration such as a ROM exchange is required in order to change the program installed at factory shipment. More and more electronic equipments, even they are embedded devices, are configured to allow software including a program to be installed or replaced after shipment as a general-purpose computer is.
When software, for example a program, is installed after shipment, it is important to prove validity of the program to be installed, i.e., to prove that the program is not maliciously made with an intention to harm electronic equipment after the installation.
For equipment used for the Internet, some methods are provided for proving validity of a program to be installed via networks. As one of the methods, a code signature method in Java (registered trademark) will be described. (Java (registered trademark) is a programming language developed by SUN Microsystems. Java is a registered trademark of SUN Microsystems.) Java (registered trademark) program is usually delivered in a file format called “Jar file format”. A signature is made on this Jar file in Java (registered trademark). The term “signature” used here refers to a digital signature. A digital signature is a bit string calculated from contents data stored in a Jar file and a private key owned by an entity (e.g., a company or an individual). If a bit string of a digital signature differs, the contents data also differs.
In order to authenticate a signature, a developer of a Java (registered trademark) program should be granted a public key to make a pair with a private key and a certification issued by a certificate authority to authenticate the public key. The developer has to submit his/her personal information for identifying himself/herself in order to obtain this certification.
With such a signature attached to a Jar file, a Java (registered trademark) program to be installed can be recognized as a reliable code. Permission granted to the program may be altered for each signatory.
Methods for permitting an execution of an installed program are disclosed in U.S. Pat. No. 5,812,980, Japanese Patent Application Laid-Open No. H2-31227, Japanese Patent Application Laid-Open No. H10-187433 and the like. In the methods, a program exists in electronic equipment from the beginning (e.g., an installer for installing) or an installed program itself confirms particular information owned by an installed program and electronic equipment as well as an externally provided keyword for permitting execution of the program, and when the program confirms it, the program permits execution of the installed program.
Further, methods for installing a program are disclosed in U.S. Pat. No. 5,802,275, Japanese Patent Application Laid-Open No. 2000-322254 and the like. In the methods, a program to be installed is previously encrypted, and when it is installed, it is decrypted with a key for decryption available for the electronic equipment to install the program.
The abovementioned methods using a conventional code signature used as a method for proving validity of a program to be installed on electronic equipment can identify a signatory of the code signature (a program developer), but cannot prove reliability of the signatory for the electronic equipment to have the program installed on it. Therefore, in order to install a program, there is no choice but to believe in the developer of a program just by recognizing his/her signature on it and to install a program without any evidence to prove reliability of the developer for the electronic equipment.
Moreover, those who want to install a program on electronic equipment have to access a certificate authority on a network and validate a certificate attached to the signature authenticated in order to validate the signature. There is no way to validate a signature offline, i.e., when the equipment is not connected to the network.
In the conventional program execution permitting mechanisms disclosed in U.S. Pat. No. 5,812,980 and the like, data used for permission (the abovementioned particular information or the abovementioned keyword) is fixed. The mechanism lacks flexibility, for example to accept a stronger encryption algorithm.
In the methods for installing a program by loading a previously encrypted program and decrypting the program disclosed in U.S. Pat. No. 5,802,275 and the like, all programs including a program module, which is not needed at the moment, are decrypted at installation. This results in a longer time in the decryption and further in the installation.